diff options
| author | Chad Brubaker <cbrubaker@google.com> | 2015-08-03 18:21:11 +0000 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2015-08-03 18:21:11 +0000 |
| commit | 63bc525c24efc3a1f6386a4e0e395a4c70a335ca (patch) | |
| tree | 72f9a65840ab33bd4a11e623a2b551e162016808 | |
| parent | dbbc4082fa9aa77e0ddd6b33fa2338d066d8e0bd (diff) | |
| parent | 853b8d7984673976f943fc1664012598cb040696 (diff) | |
| download | android_system_security-63bc525c24efc3a1f6386a4e0e395a4c70a335ca.tar.gz android_system_security-63bc525c24efc3a1f6386a4e0e395a4c70a335ca.tar.bz2 android_system_security-63bc525c24efc3a1f6386a4e0e395a4c70a335ca.zip | |
am 853b8d79: am fd1ad379: am 1c73457a: am b124c9e8: Fix unchecked length in Blob creation
* commit '853b8d7984673976f943fc1664012598cb040696':
Fix unchecked length in Blob creation
| -rw-r--r-- | keystore/keystore.cpp | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index e56edfd..a956533 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -485,8 +485,16 @@ static const uint8_t CURRENT_BLOB_VERSION = 2; class Blob { public: - Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, + Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength, BlobType type) { + if (valueLength > sizeof(mBlob.value)) { + valueLength = sizeof(mBlob.value); + ALOGW("Provided blob length too large"); + } + if (infoLength + valueLength > sizeof(mBlob.value)) { + infoLength = sizeof(mBlob.value) - valueLength; + ALOGW("Provided info length too large"); + } mBlob.length = valueLength; memcpy(mBlob.value, value, valueLength); |